| 1 | =pod
|
|---|
| 2 |
|
|---|
| 3 | =head1 NAME
|
|---|
| 4 |
|
|---|
| 5 | openssl-rand,
|
|---|
| 6 | rand - generate pseudo-random bytes
|
|---|
| 7 |
|
|---|
| 8 | =head1 SYNOPSIS
|
|---|
| 9 |
|
|---|
| 10 | B<openssl rand>
|
|---|
| 11 | [B<-help>]
|
|---|
| 12 | [B<-out> I<file>]
|
|---|
| 13 | [B<-rand file...>]
|
|---|
| 14 | [B<-writerand file>]
|
|---|
| 15 | [B<-base64>]
|
|---|
| 16 | [B<-hex>]
|
|---|
| 17 | I<num>
|
|---|
| 18 |
|
|---|
| 19 | =head1 DESCRIPTION
|
|---|
| 20 |
|
|---|
| 21 | This command generates I<num> random bytes using a cryptographically
|
|---|
| 22 | secure pseudo random number generator (CSPRNG).
|
|---|
| 23 |
|
|---|
| 24 | The random bytes are generated using the L<RAND_bytes(3)> function,
|
|---|
| 25 | which provides a security level of 256 bits, provided it managed to
|
|---|
| 26 | seed itself successfully from a trusted operating system entropy source.
|
|---|
| 27 | Otherwise, the command will fail with a nonzero error code.
|
|---|
| 28 | For more details, see L<RAND_bytes(3)>, L<RAND(7)>, and L<RAND_DRBG(7)>.
|
|---|
| 29 |
|
|---|
| 30 | =head1 OPTIONS
|
|---|
| 31 |
|
|---|
| 32 | =over 4
|
|---|
| 33 |
|
|---|
| 34 | =item B<-help>
|
|---|
| 35 |
|
|---|
| 36 | Print out a usage message.
|
|---|
| 37 |
|
|---|
| 38 | =item B<-out file>
|
|---|
| 39 |
|
|---|
| 40 | Write to I<file> instead of standard output.
|
|---|
| 41 |
|
|---|
| 42 | =item B<-rand file...>
|
|---|
| 43 |
|
|---|
| 44 | A file or files containing random data used to seed the random number
|
|---|
| 45 | generator.
|
|---|
| 46 | Multiple files can be specified separated by an OS-dependent character.
|
|---|
| 47 | The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
|
|---|
| 48 | all others.
|
|---|
| 49 | Explicitly specifying a seed file is in general not necessary, see the
|
|---|
| 50 | L</NOTES> section for more information.
|
|---|
| 51 |
|
|---|
| 52 | =item [B<-writerand file>]
|
|---|
| 53 |
|
|---|
| 54 | Writes random data to the specified I<file> upon exit.
|
|---|
| 55 | This can be used with a subsequent B<-rand> flag.
|
|---|
| 56 |
|
|---|
| 57 | =item B<-base64>
|
|---|
| 58 |
|
|---|
| 59 | Perform base64 encoding on the output.
|
|---|
| 60 |
|
|---|
| 61 | =item B<-hex>
|
|---|
| 62 |
|
|---|
| 63 | Show the output as a hex string.
|
|---|
| 64 |
|
|---|
| 65 | =back
|
|---|
| 66 |
|
|---|
| 67 | =head1 NOTES
|
|---|
| 68 |
|
|---|
| 69 | Prior to OpenSSL 1.1.1, it was common for applications to store information
|
|---|
| 70 | about the state of the random-number generator in a file that was loaded
|
|---|
| 71 | at startup and rewritten upon exit. On modern operating systems, this is
|
|---|
| 72 | generally no longer necessary as OpenSSL will seed itself from a trusted
|
|---|
| 73 | entropy source provided by the operating system. The B<-rand> and
|
|---|
| 74 | B<-writerand> flags are still supported for special platforms or
|
|---|
| 75 | circumstances that might require them.
|
|---|
| 76 |
|
|---|
| 77 | It is generally an error to use the same seed file more than once and
|
|---|
| 78 | every use of B<-rand> should be paired with B<-writerand>.
|
|---|
| 79 |
|
|---|
| 80 | =head1 SEE ALSO
|
|---|
| 81 |
|
|---|
| 82 | L<RAND_bytes(3)>,
|
|---|
| 83 | L<RAND(7)>,
|
|---|
| 84 | L<RAND_DRBG(7)>
|
|---|
| 85 |
|
|---|
| 86 | =head1 COPYRIGHT
|
|---|
| 87 |
|
|---|
| 88 | Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 89 |
|
|---|
| 90 | Licensed under the OpenSSL license (the "License"). You may not use
|
|---|
| 91 | this file except in compliance with the License. You can obtain a copy
|
|---|
| 92 | in the file LICENSE in the source distribution or at
|
|---|
| 93 | L<https://www.openssl.org/source/license.html>.
|
|---|
| 94 |
|
|---|
| 95 | =cut
|
|---|
